29 matches found
attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
...
Linux Distros Unpatched Vulnerability : CVE-2026-54371
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges b...
Symlink Attack
Overview libattr is a None Affected versions of this package are vulnerable to Symlink Attack. via the getfattr or setfattr process. An attacker can gain elevated privileges by substituting a symbolic link for a pathname component during directory traversal, causing operations to be redirected to...
CVE-2026-54371
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...
UBUNTU-CVE-2026-54371
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...
CVE-2026-54371
A flaw was found in the attr package. This vulnerability allows a local attacker to perform a symlink traversal attack by replacing a pathname component with a symbolic link - either during directory hierarchy traversal by getfattr or during backup restoration by setfattr, which reads and resolve...
CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...
CVE-2026-54371
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...
CVE-2026-54371 attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...
EUVD-2026-40087
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...
CVE-2026-54371
The CVE affects the attr utilities (getfattr/setfattr) with versions before 2.6.0. Root cause is a symlink traversal during directory hierarchy traversal, enabling local privilege escalation when a privileged process uses getfattr/setfattr on attacker-controlled paths. The documents do not provid...
CVE-2026-54371
attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component ca...
PT-2026-53274
Name of the Vulnerable Software and Affected Versions attr versions prior to 2.6.0 Description A flaw in the attr component, specifically within the getfattr and setfattr utilities, allows a local attacker to perform a symlink traversal attack. By replacing a pathname component with a symbolic li...
EUVD-2006-0085
Malware in sbrugna...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-387890)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-387890 advisory. In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decodegetfattrattrs Fix the following KMSAN warning: CPU: 1 UID: 0 PID:...
Security update for busybox, busybox-links
This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 jscPED-13039: CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580 CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function bsc1217584...
Security update for busybox, busybox-links
This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 jscPED-13039: - CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580 - CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function bsc1217584 -...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nfs: Fixed the KMSAN warning in decodegetfattr attrs. Fixed the following KMSAN warnings: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...
nfs: Fix KMSAN warning in decode_getfattr_attrs()
...
SUSE CVE-2024-53066
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decodegetfattrattrs Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...